{"id":168,"date":"2025-07-16T03:38:54","date_gmt":"2025-07-16T03:38:54","guid":{"rendered":"https:\/\/www.newsbeep.com\/ca\/168\/"},"modified":"2025-07-16T03:38:54","modified_gmt":"2025-07-16T03:38:54","slug":"meta-fixes-bug-that-could-leak-users-ai-prompts-and-generated-content","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ca\/168\/","title":{"rendered":"Meta fixes bug that could leak users&#8217; AI prompts and generated content"},"content":{"rendered":"<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.<\/p>\n<p class=\"wp-block-paragraph\">Sandeep Hodkasia, the founder of security testing firm AppSecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.<\/p>\n<p class=\"wp-block-paragraph\">Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to regenerate text and images. He discovered that when a user edits their prompt, Meta\u2019s back-end servers assign the prompt and its AI-generated response a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta\u2019s servers would return a prompt and AI-generated response of someone else entirely.<\/p>\n<p class=\"wp-block-paragraph\">The bug meant that Meta\u2019s servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it. Hodkasia said the prompt numbers generated by Meta\u2019s servers were \u201ceasily guessable,\u201d potentially allowing a malicious actor to scrape users\u2019 original prompts by rapidly changing prompt numbers using automated tools.<\/p>\n<p class=\"wp-block-paragraph\">When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company \u201cfound no evidence of abuse and rewarded the researcher,\u201d Meta spokesperson Ryan Daniels told TechCrunch.<\/p>\n<p class=\"wp-block-paragraph\">News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite <a href=\"https:\/\/techcrunch.com\/2025\/03\/07\/signal-president-meredith-whittaker-calls-out-agentic-ai-as-having-profound-security-and-privacy-issues\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">many security and privacy risks<\/a> associated with their use.<\/p>\n<p class=\"wp-block-paragraph\">Meta AI\u2019s stand-alone app, which <a href=\"https:\/\/techcrunch.com\/2025\/04\/29\/meta-launches-a-standalone-ai-app-to-compete-with-chatgpt\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">debuted earlier this year<\/a> to compete with rival apps like ChatGPT, launched to a rocky start after some users <a href=\"https:\/\/techcrunch.com\/2025\/06\/12\/the-meta-ai-app-is-a-privacy-disaster\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">inadvertently publicly shared what they thought were private conversations<\/a> with the chatbot.\u00a0<\/p>\n<p>Techcrunch event<\/p>\n<p>\n\t\t\t\t\t\t\t\t\tSan Francisco<br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 27-29, 2025\n\t\t\t\t\t\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private&hellip;\n","protected":false},"author":2,"featured_media":169,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[62,276,277,49,48,283,282,281,284,61],"class_list":{"0":"post-168","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-ca","12":"tag-canada","13":"tag-cybersecurity","14":"tag-exclusive","15":"tag-meta","16":"tag-meta-ai","17":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/169"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}